1. Workflow Technology
Many business and governmental organizations are increasingly employing "workflow technology", that is, means for automation of "business processes", to improve the efficiency of their operations. A "business process" involves the transfer of one or more documents, information, or tasks between participants according to a set of procedural rules in order to achieve business goals. In general, "workflow technology" relates to the computerization of business processes previously carried out on paper, typically involving the physical handing-off of paper files from one individual or workgroup to another as the steps in the business process are sequentially completed. More specifically, workflow technology consists of a set of tools to define and manage business processes; its goal is the complete or partial automation of a business process, without loss of controls required throughout the process. This requires, for example, that various individuals be provided access to a particular computer file at corresponding times, and not at others.
For example, suppose that according to preexisting practices within a business, an equipment purchase requires that a purchase requisition is to be originated by an engineering group, approved by an engineering manager, approved by an accounting group, and approved by a particular vice-president, before being forwarded to the purchasing department for ordering. Further, suppose the practice allows the approvals by the engineering manager and accounting group to be obtained in either order, as long as both are obtained before the proposal goes to the vice president. It will be apparent that a considerable amount of time and resources must be devoted to getting the correct signatures on the proper paper forms in the proper order, particularly if the various individuals involved are at different locations, or there is particular urgency.
Such a well-defined business process is a good candidate for automation according to present-day workflow technology. Essentially the process is originated by the original requisitioner creating a computer file, and passing it to a workflow software program. The program "knows" the proper sequence of approvals and other steps involved, and can prompt the various individuals and departments when it is their turn to handle the request. However, in order to ensure the integrity of the process, it is important that the software ensure that access to the appropriate computer file is passed in sequence from the engineering group simultaneously to the engineering manager and accounting group, and thence to the vice president, followed by the purchasing department, and that, after each has completed their task, their access is terminated. Further, the software must provide for the possibility that during each of these steps one or more persons may have access; for example, perhaps only one vice president can approve the request, but anyone above a certain level in the purchasing department can give the final approval. Workflow technology available as commercial software provides ready automation of processes of this kind.
More rigorously stated, "workflows" consist of a set of "activities" carried out in a predefined order. As such, access control becomes an integral part in the enactment of a workflow. Each activity requires privileged "operations", the access to which is restricted to authorized user(s) who participate in that activity. Moreover, the privileged operations permitted to a user may change as a workflow is processed. For example, an activity involving the purchase of an article of equipment is only permitted to a user until the purchase has been completed, whereupon the permission for that user to purchase the equipment is removed.
In presently available workflow processing software, and in proposals for further enhancements, access control has been provided to individuals by listing the individuals permitted to perform each of the operations defined for a particular workflow. These "connections" between the individuals and the permissions to perform the activities require careful and time-consuming maintenance. Particularly where the entire set of activities may be performed over a long period of time, such that individuals are likely to change their job responsibilities during the completion of the process, this practice can be troublesome. Extensive system overhead, in the form of time and trouble to system administrators and persons of similar responsibility, is required to ensure that the connections between the individuals and the activities they are permitted are constantly updated.
U.S. Pat. No. 5,634,127 to Cloud et al discusses use of workflow management as a means of conveniently interfacing two otherwise incompatible systems, as occurs, for example, when two banks having differing computer systems for accomplishing essentially similar tasks merge. By mapping the various system functions from the two systems to identical workflow entities, the task of marrying the two systems is greatly simplified. Hsu et al U.S. Pat. No. 5,581,691 relates to a generic workflow management system. Smith et al U.S. Pat. No. 5,181,162 refers to a document management and production system, e.g., for assembling the pages and sections of newspapers and the like. Workflow processing is referred to at column 5 as a means whereby the access of various workgroups to the document can be appropriately controlled.
2. Role-Based Access Control
Role-based access control ("RBAC") is a methodology for controlling access to computer systems. The use of RBAC is increasing in organizations, primarily because RBAC reduces administrative cost and complexity as compared to other access control mechanisms. With RBAC, access is based on a user's role within an organization. Consequently, access control administration is at a level of abstraction that is natural to the way that organizations typically conduct business.
Briefly stated, in RBAC systems, access to an object within a computer system is provided to "subjects" that are the members of groups termed "roles"; all subjects belonging to a given role have the same privileges to access various objects within the system. Individual "users" are then granted access to objects by being assigned membership in appropriate roles.
RBAC is considered useful in many commercial environments because it allows access to the computer system to be conveniently organized along lines corresponding to the actual duties and responsibilities of individuals within organizations. For example, RBAC allows the access provided by roles to conform to a preexisting hierarchy; in a hospital environment, members of the "doctor" role will have broader access to protected objects than would members of "nurse", who will in turn be given broader access than "health-care provider". Various types of privilege can be conveniently organized as a function of role assignments. For example, "doctor" membership may allow the user the privilege to read from or write to a pharmacy record, while "pharmacist" may only allow reading therefrom. Cardinality may be enforced; that is, only one general manager may exist at a given time. Roles may be exclusive; that is, an individual who is a member of "trader" in a commercial bank could not also be a member of "auditor" at the same time.
A particular advantage of RBAC is that it allows the access privileges provided to individuals to be very conveniently reconfigured as the individuals change job requirements, simply by deleting one's original assignment to a first role and adding one to the new role.
RBAC is described in "Role-Based Access Controls", Ferraiolo et al, Proceedings of the 15th NIST-NSA National Computer Security Conference, 1992, and operational RBAC software is available from several vendors. A rigorous mathematical basis for RBAC is provided by Ferraiolo et al, "Role based access control: Features and motivations", Annual Computer Security Applications Conference, IEEE Computer Society Press, 1995. This paper, which is not prior art to the present invention, is incorporated herein by reference. See also Sandhu et al, "Proceedings of the First ACM Workshop on Role Based Access Control", ACM, 1996, also not prior art to the present invention.
Insofar as known to the present inventor, the applicable prior art does not suggest that RBAC might be employed in connection with workflow technology.